2 Replies Latest reply on Feb 25, 2014 3:25 AM by Philippe Marschall

    RBAC role mapping with custom JAAS login module

    Philippe Marschall Expert

      We currently have a custom JAAS LoginModule (subclass of DatabaseServerLoginModule) and try to use RBAC in WF8. We have trouble getting the role mapping to work. Mapping a single user works fine but mapping groups does not seem to work. Adding or removing the realm does not seem to make a difference. We do set the rolesQueryInstance variable in the module and @RolesAllowed works fine with the login module.

       

      Our configuration looks like this:

      <management>

        <security-realms>

        <security-realm name="AcmeRealm">

        <authentication>

        <jaas name="acme"/>

        </authentication>

        </security-realm>

        </security-realms>

        <access-control provider="rbac">

        <role-mapping>

        <role name="SuperUser">

        <include>

        <group realm="AcmeRealm" name="ADMIN"/>

        </include>

        </role>

        </role-mapping>

        </access-control>

        </management>

        <subsystem xmlns="urn:jboss:domain:security:1.2">

        <security-domains>

        <security-domain name="acme" cache-type="default">

        <authentication>

        <login-module code="Remoting" flag="optional">

        <module-option name="password-stacking" value="useFirstPass"/>

        </login-module>

        <login-module code="com.acme.AcmeDatabaseServerLoginModule" flag="required" module="com.acme.security">

        <module-option name="unauthenticatedIdentity" value="guest"/>

        </login-module>

        </authentication>

        </security-domain>

        </security-domains>

        </subsystem>